General
-
Target
2892-14-0x0000000000400000-0x000000000055B000-memory.dmp
-
Size
1.4MB
-
MD5
4e86c9add096c4c3908a592e8c94e01e
-
SHA1
b433681bfdf6e259a2f0023aeb83a74650737a89
-
SHA256
26e5cea8eee98f979443f77a340b9efea37afce55b9f7b298f7105eabb1b19ac
-
SHA512
bbe101fa6f86aa49f792457b9eb592b9222e7a22fd16c31e6fcdfc6b73fe8b8a7398c1f2724d0aeda15d44c7b262c2cb3b2e0d1692fef8c8de65ca28bfa05ffe
-
SSDEEP
24576:iZ1xuVVjfFoynPaVBUR8f+kN10EDDDhKi1A:iQDgok30cDh5A
Score
10/10
Malware Config
Extracted
Family
darkcomet
Botnet
2024+May3333-newcrt
C2
dgorijan20785.hopto.org:35800
Mutex
DC_MUTEX-M4P4YFY
Attributes
-
InstallPath
rar.exe
-
gencode
jSEma97mAgP2
-
install
true
-
offline_keylogger
true
-
password
hhhhhh
-
persistence
true
-
reg_key
winrar
Signatures
-
Darkcomet family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2892-14-0x0000000000400000-0x000000000055B000-memory.dmp
Headers
Sections